Hybrid View

Seperate SSL Certs for pop/imap/smtp/web

I'm in an environment where whilst we currently only have one Zimbra box, but we will be expanding to a multi-server setup before long. As such, we have set up DNS so that pop.zimbra.ourdomain.com, smtp.zimbra.ourdomain.com, etc all point to the same place. The plan is that at some point, these will be on different boxes with different IPs, and so we're allowing for the future expansion.

My question is, how can I install SSL certificates so that the certs match the appropriate hostnames? The Wiki and the forum post linked below were very informative, but I can only see how to give a separate cert to the smtpd, (by having hand-placed /opt/zimbra/conf/smtpd.crt and /opt/zimbra/conf/smtpd.key) but I can't see how to do separate certs for imap, pop and web access.

Any pointers would be wonderful, and if the answer has to be 'Nope, can't do that' then do people think I should bung it in as a feature request?

Wildcard Cert

I don't know if it's an option for you, but you could try using a wildcard cert. I've been testing it myself and have been pretty successful with SMTP/TLS(port 25), https, imap(on perdition), and pop(on perdition) using a test cert from thawte. I haven't gotten smtp over ssl(port 465) working yet, but am working with support on it.

The wildcard cert would allow you to use any DNS name you want. If you need to change it in the future, you don't have to get a new cert. However, it also costs a little extra $$.